Lucene search

K
mageiaGentoo FoundationMGASA-2013-0160
HistoryJun 06, 2013 - 4:24 p.m.

Updated nginx package fixes security vulnerability

2013-06-0616:24:33
Gentoo Foundation
advisories.mageia.org
10

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.9%

A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxied server (CVE-2013-2070).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchnginx< 1.2.9-1.1nginx-1.2.9-1.1.mga3

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.9%